In this discussion, we quickly covered the PCI Council’s “PCI DSS Cloud Computing Guidelines[6]” information supplement and how it applies to companies working to achieve compliance with an emphasis on achieving compliance for cloud-aware environments. We also discussed the new prescriptive guidelines and how they clarify the lines of shared responsibility between the Cloud Service Provider (CSP) and their customers. Finally, we discussed how working with partners like CloudPassage can help you embrace new and automated methodologies to provide consistent security controls across hybrid environments.

Some of the key questions answered included:

What do the new PCI guidelines mean to CSPs and their customers?

What additional challenges do public and hybrid clouds present?

Where do traditional compliance tools and processes fall short in cloud-based environments?